Reference Guide

Security Management Server Virtual v10.2.11 AdminHelp
Generally this indicates that an attacker is attempting to execute code without first writing that code to disk.
The Remote Write PE to Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.
Process Injection: Remote Overwrite Code
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote overwrite code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Overwrite Code - A process has modified executable memory in another process. Under normal conditions, executable memory is not modified, especially by another process. This usually indicates an attempt to divert execution in another process.
The Remote Overwrite Code process injection affects Windows operating systems. This policy does not apply to Mac clients.
Process Injection: Remote Unmap of Memory
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote memory unmapping threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Unmap of Memory - A process has removed a Windows executable from the memory of another process. This may indicate an intent to replace the executable image with a modified copy for the purpose of diverting execution.
The Remote Unmap of Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.
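
Added example (not Dell's code or detection logic): a minimal Python model of the Remote Overwrite Code and Remote Unmap of Memory definitions and the four actions described above, run over constructed events. The event fields, effect names, policy values and process IDs are assumptions made for illustration.

```python
from dataclasses import dataclass

# Effects of each action, only as far as the page words them. The page states
# reporting only for Alert; it does not say whether Block or Terminate also
# report, so this model does not assume it.
ACTION_EFFECTS = {
    "Ignore": frozenset(),
    "Alert": frozenset({"report_to_server"}),
    "Block": frozenset({"block_call"}),
    "Terminate": frozenset({"block_call", "terminate_caller"}),
}

@dataclass(frozen=True)
class MemEvent:
    """Hypothetical telemetry record for one memory operation."""
    src_pid: int          # process making the call
    dst_pid: int          # process whose memory is affected
    op: str               # "write" or "unmap"
    dst_executable: bool  # target region has execute permission
    dst_is_image: bool    # target region is a mapped Windows executable

def classify(ev):
    """Return the violation name used on the page, or None if neither applies."""
    if ev.src_pid == ev.dst_pid:
        return None  # both definitions require *another* process
    if ev.op == "unmap" and ev.dst_is_image:
        return "Remote Unmap of Memory"
    if ev.op == "write" and ev.dst_executable:
        return "Remote Overwrite Code"
    return None

def enforce(ev, policy):
    """Return (violation, action, effects) for one event under a policy."""
    violation = classify(ev)
    if violation is None:
        return (None, None, frozenset())
    action = policy[violation]
    return (violation, action, ACTION_EFFECTS[action])

# Constructed policy and events, for illustration only.
POLICY = {"Remote Overwrite Code": "Terminate", "Remote Unmap of Memory": "Alert"}
EVENTS = [
    MemEvent(4120, 4120, "write", True, True),   # self-modification: not remote
    MemEvent(4120, 988, "write", False, False),  # remote write to data memory
    MemEvent(4120, 988, "write", True, True),    # remote write over code
    MemEvent(4120, 988, "unmap", True, True),    # remote unmap of an image
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.src_pid, "->", ev.dst_pid, ev.op, enforce(ev, POLICY))
```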